Getting Data In

Discussions

Thread Info

How do i convert/fix my cooked data to human readable data?

I've installed a universal forwarder(A) on a linux box which monitors a .log file and forwards data to an intermediat...

by Contributor in

How do I remove host from Data Summary screen but keep data?

Hello, I'm looking for advice on how to handle systems that are removed from the network. We have several hun...

by Explorer in

LINE_BREAKER not working correctly

The event I want to break on looks like this: 25/Jan/17:10:23:00:069+0000 DEBUG Evaluation of condition [188:FTP ...

by Contributor in

What is the best way to collect all DNS queries by client and Responses sent back by a Windows 2012 DNS Server with a universal forwarder?

We have Universal Forwarder installed on MS Windows 2012 DNS server. what is best way to collect all the DNS queries ...

by Explorer in

How can I filter data in search-time from a generated csv file?

Hi, I have a csv file, generated each day from a Powershell script under the Splunk app lookups directory. I use t...

by Contributor in

For Wineventlog, Event ID captures User info, but why does Splunk raw data show user User=NOT_TRANSLATED?

Issue is that for the Wineventlog for Application channel EventCode=11707 and EventCode=11724, intermittently _raw da...

by Splunk Employee in

How to collect Windows event logs that are not from .evtx or .evt files?

I'm trying to collect Windows events. Specifically, I'm trying to collect: \\Applications and Service Logs\Microso...

by Communicator in

Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations?

Is there a feature in Splunk (like Dropbox) to drop all types of logs from different applications ? Where can i dr...

by New Member in

Permission denied

I am running Splunk enterprise 6.3.1 and universal forwarder. We deploy the universal forwarder onto a Linux machine ...

by Explorer in

Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs?

I was indexing a years worth of logs (200+GB) from one source path. Data was indexed, but I am trying to understand w...

by Communicator in

How to add Data Sources from different devices to Splunk?

How to Add Data Sources from the following devices: No| Data Type | No’s of devices | ...

by Explorer in

How to configure Splunk to not index a line before it is finished writing?

We are writing out to a log for which splunk is indexing for most lines okay, but some times splunk indexes before th...

by Path Finder in

Is it possible to define a custom location for universal forwarder local configurations?

My Splunk Forwarder is installed on a share, which can be mapped to all the servers in my environment. Therefore, I a...

by Explorer in

Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."?

My attempts to install a Splunk forwarder on Windows 2008 fails and is rolled back. In this case, the application ev...

by New Member in

What is best way to use sourcetype with HTTP Event Collector to categorize data?

From the HTTP Event Collector setting page: Source type The source type is one of the default fields that Splunk ...

by Contributor in

HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2?

Hello, all I have infrastructure like this 1stHF => 2ndHF => Indexer On the first Heavy Forwarder, I clone some...

by Contributor in

How to configure line breaking on ADmanagerplus log?

I am working on ingesting ADmanagerplus logs. I am having difficulty linebreaking the following log which represents ...

by Explorer in

Is it possible to disable SSL v3 on the universal forwarder?

Is there a way to disable SSL v3 on the UFW? I'm getting flagged by security.

by Champion in

What is function of DEST_KEY in transforms.conf

I am little bit confused by the explanation given for DEST_KEY IN TRANSFORMS.CONF. May I know what is the exact funct...

by Contributor in

Why some of our indexers stop listening on port 9997?

Yesterday we realized that three of our six production indexers stop listening on port 9997. We bounced them and all ...

by Ultra Champion in

Can a sourcetype be aliased, meaning, can it inherit extractions from another sourcetype?

Wasn't able to find a solid answer on this one, but I am using Splunk 6.x, and was wondering if I could have a source...

by Builder in

How to edit inputs.conf to monitor logs on Windows machine?

To monitor a file on Windows machine with names like : access.2016_09_23_00_00_00 I wrote the following stanza in ...

by Path Finder in

how to get the timezone of the logs set in props file

Hi team, I have catalina logs ocming to splunk from Central timezone But my splunk server is installed and configu...

by Path Finder in

Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない

SplunkWeb にログインし、Data inputsから１つのUDP port 514 インプットを設定することはできます。しかし、追加でもう一つ UDP port 514 インプットを設定すると下記のエラーが出てしまい設定するこ...

by Communicator in

Maximum number of attribute $n in transforms.conf

Hello, the FORMAT option in transforms.conf can use $n to specify the output of each REGEX match. (https://docs.splun...

by Communicator in

Get Updates on the Splunk Community!

Getting Data In

Discussions

How do i convert/fix my cooked data to human readable data?

How do I remove host from Data Summary screen but keep data?

LINE_BREAKER not working correctly

What is the best way to collect all DNS queries by client and Responses sent back by a Windows 2012 DNS Server with a universal forwarder?

How can I filter data in search-time from a generated csv file?

For Wineventlog, Event ID captures User info, but why does Splunk raw data show user User=NOT_TRANSLATED?

How to collect Windows event logs that are not from .evtx or .evt files?

Is there a feature in Splunk (similar to Dropbox) where can i drop multiple log files from multiple locations?

Permission denied

Ingested a year's worth of events in Windows from one source, but why did Splunk not index all logs?

How to add Data Sources from different devices to Splunk?

How to configure Splunk to not index a line before it is finished writing?

Is it possible to define a custom location for universal forwarder local configurations?

Why am I unable to install a Splunk Forwarder on Windows 2008 64 bit (non domain controller) with error "Faulting application openssl.exe.."?

What is best way to use sourcetype with HTTP Event Collector to categorize data?

HF1 -> HF2 -> Indexer: How to route a set of data that has already been parsed on Heavy Forwarder #1 to a specified index on the indexer through HF #2?

How to configure line breaking on ADmanagerplus log?

Is it possible to disable SSL v3 on the universal forwarder?

What is function of DEST_KEY in transforms.conf

Why some of our indexers stop listening on port 9997?

Can a sourcetype be aliased, meaning, can it inherit extractions from another sourcetype?

How to edit inputs.conf to monitor logs on Windows machine?

how to get the timezone of the logs set in props file

Windows 環境で SplunkWeb の Data inputs から複数の UDP inputが設定できない

Maximum number of attribute $n in transforms.conf

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Configuring Splunk OTel Collector for Linux/Window...

Upload failed with ERROR: Read Timeout

Splunk DB connect to Splunk

incomplete field extraction

DB Connect SQL Procedures